Xfinity was impacted by a data security incident

If you would like to know more about the incident, please visit xfinity.com/dataincident. If you have additional questions, you can reach the dedicated team with more on this at 1-888-799-2560. They are available 24 hours a day, 7 days a week.

That's typical, you do nothing and your telling us to do the work. What are we paying for every month?

That's a great question @cpupro, supporting the expansion, creation, and maintenance of our infrastructure to deliver services to your home and area is just one piece of the costs that are a part of our monthly rates. Alternatively, there are items that are provided at no additional cost to our customers for literally every line of business that we provide. Take the internet for example, our xFi Advanced Security helps prevent customers from accidentally accessing risky sites, blocks remote access to smart devices from known dangerous sources and monitors network activity in real time to prevent security risks.

Additionally, we provide an Xfinity email service at no additional charge for use, space, or maintenance of the service. There are many more perks and benefits that our customers are provided with that there are additional costs for.

Some of our regular costs of operation that are incorporated into the monthly service rate include the overall cost of operations and support like having a team here in our Forums to answer your questions and help with concerns and/or troubleshooting together. Having teams over the phone is part of the day-to-day along with support for development teams, engineering, repair, technicians and their materials and equipment needed, maintenance teams, equipment design teams, etc. The list is literally never-ending if we were to list out all of the teams and departments that work together to create and support services to our entire footprint.

Let me ask this. We used to get $10.00 off per month if you direct billed to a credit card which I have done for years. No paper statements just money going directly to you. NOW, you have changed this to only give us $5.00 a month if we direct bill to our credit card BUT if we give you the information to pull out this money directly from our bank you'll give us $10.00 an month. Why, if you can't protect our data would we do that? If they get our bank information they can take all the money we live on. If they get the credit card information we can only get charged a small amount.

It doesn't work out as far as I can see to give you any more personal information than you already have.

@cpupro our policies, promotions, discounts etc do change over time. It is your choice to have paperless billing and auto-pay set up on your accounts and if you are going to pay using a debit/credit card or bank account for payment. If you do not want to provide your information you can remove autopay by following this link: https://www.xfinity.com/support/articles/setting-up-auto-payments. Here is a link: https://www.xfinity.com/support/articles/one-time-bill-pay-options-through-my-account on how to make 1 time bill payments. 

@kimochi1777 you can learn more about what we are doing to protect our customers here

Hmmm, two months go by before customers are notified, wonderful.  Love the customer focus of comcast and why isn't comcast offering free credit monitoring like most other companies that have had their databases hacked????  Makes one feel like comcast is saying "oh well it happened, sorry." BTW here are price increases to make you feel better.  Wish my area had an other provider as I would be with them so fast.  Yes, I am not a happy customer.

Hi, @TC851! Thanks for taking the time out of your day to visit XFINITY over our forums page for help. Great question. I would be wondering the same thing. For more information, please feel free to visit this link for more details. 

How can I get help with my comcast email not working but it works on the site only?  

True!  they want u to use an app on yr phone. i dont email on my phone. I went to get help because email not sending so went on xfinity site. had me change password, now email is offline cant send. then when attempting to get online help ...nothing!! 

Im running into similar problem of,   no one at xfinity to help with my email working on there site....but my mac email with this same address says "unable to verify ID or password.  Thinking maybe with data breach they got rid of my email ? so it does not show up on my mac?

but !!! i can get that address 'email' on their site......BUT under a different email address.      Scary to think the reason they will not call back is because NO one to help?

instead I got a txt message from spam  on a phone i dont use thru comcast.

Hello and welcome to Comcast @ps89. I am sorry to hear that you are not able to receive email on your Mac. Did you recently change the password to your Xfinity email address? Also I see that you are able to access your email on the webmail portal. It sounds like you need to just update the password on your Mac. Here is a link https://www.xfinity.com/support/articles/pop-imap-mac-mail to help you go to your Mac settings and update the password. 

@Terry0327

I understand the feedback. If you would like more informaiton on the situation please call the IDX team at 888-799-2560.

@XfinityJodie​ I don't understand why your team does not have this information instead of telling a customer "oh here call this other number" so the customer can wade through another IVR system instead of having something that you can put as an answer that I would figure many other people would have that have provided direct payment information.  Comcast has the worst customer service I have ever experienced I hate to say.  I was in customer service for a very long time and I continue to shake my head at the way comcast does it.

We deeply apologize for any confusion that this may cause for you @fedup978.  However, due to that being a specialty team where we are more of a broader stoke of a department, that specialty team will be able to answer your in depth questions as to what is going on.  

@XfinityJodie​  will this number help me with my email problems?

@user_5njl7e 

Dear Xfinity,

Dear Xfinity,

WHO IS HAVING PROBLEMS WITH THE RECENT HACK OF XFINITY WITH NO RESOLUTION ?  I have spent hours on the phone due to hacking of my passwords for email, WiFi, login etc…  I have spoken to the 1st level of IT support at Xfinity and have received no solution to the issues I have been having with my apple devices not syncing with their email platform.  My devices are IMAP devices and the web site is  OWA.  The Citrix / Xfinity hacking has corrupted my devices and I have been through all protocols with apple support.  If you do not provide information as to the status of this event from top level IT support as to when the residual damage to customers devices will be resolved I will be looking for another internet provider.   

If you went through the comcast website to change your passwords, did you change them on your devices as well?  I am not familiar with apple products but depending on what email client you're using you may need to change your password in two different places.  That's about all I know which isn't much, I admit.

The "Hack" on Citrix managed cloud instances happened back in October, where millions of users were impacted by a data theft.  Name, social security number (if you provided it), email addresses, phone numbers and addresses.  

Xfinity claims they patched their systems a few days after Citrix released a patch with their announcement, but Xfinity didn't figure out the impact until December, but it's far too late by then and your data was gone and likely was exposed to the wild long before Citrix figured out there was a problem and released a patch for it back in October.

YOUR personal device isn't "hacked", but your account details are.  With that, an attacker can change your password and intercept your email, and possibly for other accounts you have your Xfinity account linked with for password recovery and for two factor authentication.  They can also do this by phone since they have all of your account details to impersonate you.

For mitigation, Xfinity enforced a password change globally.  This causes issues when you have several devices checking mail and failing authentication.  Your account can be temporarily locked out.  It's also possible your account is currently hijacked and forwarding email to some other hostile actor.  Log into web mail with a browser from https://xfinity.com  (click the drop down in the upper right, and check email).   Go into settings -- the little gear icon in the upper right, and make sure you aren't forwarding mail on the left pane.  

If you can't log into webmail using your updated password that you set, then your account is compromised so you'll have to call them.  https://internetsecurity.xfinity.com/help/report-abuse   

Other users report you may also have to enable two factor authentication for your account from now on or your mail won't work.  You do that on the main login page https://xfinity.com under your account.  

If your devices can't check mail with the new password, the first thing you want to do is stop them from checking your mail and failing authentication.  They will lock your account from repeated failed attempts.  Follow the links on this post and see if any of them help:

https://forums.xfinity.com/conversations/email/apple-mail-cannot-connect-to-my-comcast-mailbox/658394bef961c6163a32ae59?commentId=65840c96f961c6163a32b286 

Remember DO NOT REUSE PASSWORDS between email accounts (comcast/owa/gmail/your bank...etc).  When one gets hacked like Xfinity, they all will.  I'd also consider Xfinity email burned.  Do not use them for anything important again.

Thank you !   First real explanation I have received !

It was my understanding that the Citrix Bleed 0 Day was hacked more than once. At least around 2016 or 2017. It controls many things such as accounting databases, Toyota, Legal Firms and many others. No respectable company should be using Citrix any longer. 

@Again​ With Mac mail and iOS mail the password needs changed on each and every device.

@user_bzuoeb I can understand how frustrating the bill rising can be. We as employees are customers as well and see it ourselves. We do not offer any a la carte packages like you describe but we'd be happy to find you a lower rate if one is available. Please direct message us your full name and address. 

Here's the detailed steps to direct message us:

• Click "Sign In" if necessary
• Click the "Direct Message” icon (upper right corner of this page)
• Click the "New message" (pencil and paper) icon
• Type "Xfinity Support" in the to line and select "Xfinity Support" from the drop-down list
• Type your message in the text area near the bottom of the window

• Press Enter to send your message

@user_e43v80​ This is a similar question that others have asked also.  IMHO it does not appear that comcast is going to offer anything like that until the states push/ force comcast  to do that.  Other companies have done it as a "good will" gesture to their customer base. 

@XfinityAngie​ Changing the password is not doing anything other than changing the access to get into the comcast account.  comcast has already lost the key information about their customer base to someone that can be used against the customers.  The fact that comcast has not offered anything to the customers except raised prices says that this needs to be taken to a whole new level.

@fedup978 That is the recommended action to secure your account. For more information you can visit www.xfinity.com/dataincident.

Hello, @user_zkfotq. Thanks for posting on our community forums for assistance. To confirm, is this email associated with an active account? Or was your account closed, but you still have access to the secondary emails? 

I was asked to change my password as well, had no idea of a breach.  I think it should have been communicated to all customers.